O'Reilly published my article on distributed
systems topologies.
Tuvalu, the
Pacific island nation
and home of the fresh, new, exciting Web address .tv,
is closing
down. Being a flat island nation is bad when the sea
level is rising. [Metafilter]
Fun Flash music toy, the Dub
Selector. There are six different dub machines to play with. I
really like this genre of music toy. [Metafilter]
In Europe, poultry has flavour - chicken is actually yummy! In the
US our birds are bred so much for industrial processing that they have
no flavour, just like oranges and tomatoes. Great article in the New
York Times about this,
The
Hunt for a Truly Grand Turkey, One That Nature Built.
So no, my DSL doesn't always work. Running loopping to ping every
10 seconds, I've had seven DSL outages in the past four days.
Outage for 360 seconds started Sun Nov 18 12:03:34 2001
Outage for 50 seconds started Sun Nov 18 13:24:00 2001 Outage for 90 seconds started Sun Nov 18 18:56:25 2001 Outage for 100 seconds started Sun Nov 18 21:32:55 2001 Outage for 40 seconds started Mon Nov 19 08:19:43 2001 Outage for 50 seconds started Tue Nov 20 21:10:13 2001 Outage for 900 seconds started Wed Nov 21 01:59:12 2001
I'm writing my O'Reilly talk into an article, and I'm fanatic about my
images looking good. See how nicely centered and anti-aliased that
little picture is? I use xfig to do
vector graphics, fig2dev to convert to PNM, then netpbm to scale the images
nicely. But netpbm was missing a tool to say "make the image this size
by padding it on all sides" (pnmpad isn't that smart). So as a
procastrination tool, I wrote up the ugly shell script pnmpadtosize. Unix at
its best!
Everything is online, even
the summer camp I went to
when I was 10. Jumping from the big rock
was a good test of nerves. I don't particularly remember having to
wear a bathing suit.
PacBell DSL seems to be dropping my link every day around 10am, for
about 5 minutes at a time. So I wrote loopping, a small Perl script that pings my
link every N seconds and notes failures. Yeah, trivial hack, but it
always takes longer for me to do these things than it should.
Kevin Poulson on dark address
space: parts of the Internet that can't find a route to each other.
Result is by Internet researcher
Craig
Labovitz, although I can't find this paper. Some hints by Poulson
that this could be related to folks hacking Internet routers to make
safe spaces for themselves. Fun stuff. [RobotWisdom].
Way back when, the Internet was only 30 hosts wide. That is, the time-to-live field on packets in the common TCP/IP implementation was set to 30. If two hosts had more than 30 hops on their route, they couldn't talk to each other. The Internet grew bigger than a diameter of 30 sometime in 1992 or so, and all those TCP/IP stacks had to be updated. I think most stacks now set the TTL to 255, the maximum. Update: The Slashdot thread is surprisingly useful. It includes a link to the author's slideware, but still no paper to be found.
Cute article
in the NYT about Diablo as a father-son shopping experience.
I'm working on buying a house. Everyone told me how much of an
advantage it was, but I never really understood it until I built
a spreadsheet to test it out.
For instance, if you put 20% down on a $300,000 house your monthly
payments are about $2000, but after you count the tax advantage it's
really more like $1300! Crazy.
Writing installers for Windows packages is a pain in the neck. The
commercial packages don't work well and have these funky proprietary
scripting languages for the install script. A better alternative may be
the Nullsoft
Installer, used mostly in WinAmp related programs. Free software,
simple and workable.
Crop circle research has been an amazing site for a
long time, deeply detailed analyses of people who want to believe.
There's a wonderfully detailed analysis of a formation
near Arecibo, which a remix of the 1974 message SETI folks sent
to the stars. Photo to the far right is originally from
Lucy Pringle's crop circle photography.
My old friend Chris
Kline saw the mention of
urinal.net on my weblog, and
mentioned that he took the photos of the Millenium Dome urinals that
are on the site. He and the urinal.net guy were roommates in college.
Small world, united by simple things.
Disturbingly (in)appropriate for the time, but
Flight 404 is a poetically
lovely Flash work about the thoughts of people on a doomed (fictional)
plane.
Fun little utility, http://surfraw.sourceforge.net/. Command line tools
that know about web service sites, so you can run google
Pixelvision from the command line and have it do the right thing.
He has little scripts for about 20 sites. The big drawback is it just
invokes lynx; I'd rather it used wget, scraped the result, and
formatted it as domain-specific text. Hmm, sounds like a good hack.
(PS: I love Debian. I just typed "apt-get install surfraw" and away it
went, like magic.)
[sweetcode]
I've picked up the new game Civilization III, which has the exact
same horrifying addictive qualities as its predecessors. The best fan
site seems to be CivFanatics. The forums even
had a fix for the ugly font bug - remove the Windows installed copy of
LucidaSansRoman. [Memepool]
So someone hacked
Passport. Pretty bad, too.
By cobbling together a handful of browser-based bugs with flaws in
Passport's authentication system, Slemko developed a technique to
steal a person's Microsoft Passport, credit card numbers -- and all,
simply by getting the victim to open a Hotmail message.
Neat stuff on JPL on
the basics of space flight.
The Register has some
details
about MessageLabs. About $.66/user/month for spam scanning, about
$2.20/user/month for virus scanning. MessageLabs claims they have
over 500,000 users, so that gives a revenue estimate of at least a
million dollars a month. Not so bad, although I bet their operations
are expensive. I wonder how well their service really works? There's a
lot of value in centralizing this kind of filtering.
Pixar has made their short films
available on the Web. A complete history of film-quality 3d rendering
in seven easy downloads. [Slashdot]
I finally released Funes, my email search software.
Report
today that there's now a limited North Korean email service,
SiliBank. My packets go through
China before I can't figure out where they're going, and they're
running IIS. Can't tell much more - the English version isn't working,
and I can't read Korean.
There's an editorial on
Advogato with more concern about SourceForge's long-term
stability. Good comments - a reply from the SourceForge manager
himself, also some info on alternatives: Savannah (GNU), Tigris (collab.net?), and BerliOS (GMD Fokus). Also lots
of reports of ad-hoc arrangements people make.
Graphs
of Virus Activity published by MessageLabs, a company that scans
email as a service. Interesting to see what's in the ecology.
Discusson
on Slashdot on VA Linux taking the "Linux" out of their name. Much
pessimism, probably well placed. I can't help but feel that VA is an
example of a VC-backed firm cynically going public before they had a
stable business figured out. Now the company seems hinged on
SourceForge, which is a great free service but as a product? Beats me,
but I'd think Collab.net is in a
better position in that market. They've been doing exactly this for a
long time.
The Register reports that Kuro5hin is already being booted out of the VA/OSDN family. All those open source projects hosted at SourceForge better be sure to have copies of all their files, and a plan for moving if they need to. Are there any good alternatives?
Base
3 number systems are interesting, particularly the
balanced ternary
system which uses (-1, 0, 1) instead of (0, 1, 2) as the digits. [Slashdot].
My little home Apache server is overwhelmed by log entries from
various virus attacks - Nimda, CodeRed, etc. It's tiresome. If you
edit Apache's httpd.conf and replace your old CustomLog entry with
this stuff, the logs go somewhere else. It looks like the Debian
Apache package will even rotate the new file for you, I'll see in a week.
SetEnvIf Request_URI (cmd\.exe|root\.exe|default\.ida) attack
CustomLog /var/log/apache/attack.log combined env=attack CustomLog /var/log/apache/access.log combined env=!attack
The NYT today covers the
history of science in Islam. While Europe was deep in the dark
ages, the Islamic world was busy translating the Greeks and creating
the fields of astronomy, mathematics, and medicine, just to name a
few. Nice to have a reminder every once in awhile.
Shame on the New York Times for publishingVeiled
Messages of Terrorists May Lurk in Cyberspace, an
oversensationalized story trying to make the case that steganography
is in use all the time on the Internet. Sources in the NYT story
refuse to reveal anything about methods or results, and yet are cited
as proof that 0.6% of images found contain hidden messages. The
article does finally get around to Niels Stovos'
excellent work, the one bit of recent published research in steganography
detection. He's analyzed over two million images on eBay and found not
a single message.
Let's see, who are you going to believe; the CEO of a startup that needs military funding to survive and won't let you evaluate his work, or a grad student who publishes all his methods and results?
Fun web site, the halfbakery.
A place for people to post their wacky ideas, other people to comment
on them. Fountains that flow up, flags to mark parking places,
"uncooperative supercomputing" (steal those cycles!), and web based
web browsers.
The site is very slow, so patience is required. Ponder.
urinal.net is an obsessive elegy
for places to pee. Highlights:
Victorian elegance, and
space urinal.
Brewster is
a nifty Windows shareware screensaver that simulates the physics of a
kaleidoscope. Nice anti-aliasing, too.
One of the things I've learned is that RPC by itself isn't enough to
build reliable distributed systems, particularly on the Internet.
SOAP + WSDL is interesting because it doesn't just mandate RPC, it can
do other things, too. Most people are missing that.
I
wrote up some of my thoughts on this as an
email to the simple web services API group.
Justin Chapweske steps up to bat with a draft idea he calls "the content addressable
web". The core idea is to improve the experience of getting big
things from the web by naming resources by pointers to the
resource, not the resource itself. Then you can have a transparent way
to mirror resources. For an added bonus, those pointers can include
secure hashes of the contents, so you know you got the correct data.
Using URIs this way isn't entirely a new idea, but Justin's version is
good.
I'm concerned that we'll never get to a web using "better URIs" to identify resources. We've been running around this idea for eight years, and still nothing. Justin's approach has the virtue of being simple and incremental. For more, see the discussion on the decentralization list.
ActiveState is helping organize a
simple
web services API. The cool thing is it's cross-language; Perl,
PHP, and Python implementations already exist. Feels a bit like
SOAP::Lite done cross-platform.
Some holes (RPC only, no failure model specified), but it looks like a
good start.
"It's a big world. There are lots of countries. He's got lots of money, he's got lots of people who support him. And I just don't know whether we'll be successful," Rumsfield said. 2001-10-25, morning.
Teach me to report speculation on a mailing list. The report that
an HP printer was notifying the FBI of something has a simpler
explanation; maybe someone's attacking the printer's web server with
forged IP addresses, it's responding, and one of the forged addresses
just happened to be an ifccfbi.gov. More info on
the cryptography list.
It struck me that there's one more big risk that MS is taking with
.NET. Will that consumers really pay $25-$50 a year? If it works, then
someone will finally crack the nut of getting people to pay for things
on the Internet. But Microsoft is taking a huge (and uncustomary) risk
in trying to be the first to make it work. As a developer/user, I feel
they're already making mistake in charging
developers for access to My Services. How will ordinary consumers feel?
Obvious counter-strategy: build a totally free alternative service. Plan to give it away the first few years, then either start charging (the Salon model) or monetize the service some other way (the MSIE model). This strategy is high risk, and currently unfashionable. But companies like IBM, Sun, and AOL could afford to do it. The funny thing is I like the idea of MS charging for My Services. It puts the expectations in the right place; my service belongs to me, I pay for it. I hate the way most "free" services take their toll in turning my data into a marketing channel. MS has promised not to do this. If someone follows with a free version, they should give the same protection to consumers. Maybe this is a pipe dream.
Great article by Andy Patrizio of Wired News (referenced on Slashdot) about fans remaking classic
old games like Ultima and The Bards Tale:
Gamers
Making Retro Remakes. Bunch of smart geeks get together, want to
remix Ultima, even get Richard Garriott's permission. The article has
a horrible comment from an Electronic Arts spokesman:
"EA owns the rights to Ultima and all of its characters, and in this case, no permission was requested or granted," said Jeff Brown, an Electronic Arts spokesman. "As for Richard Garriott's approval, that's like getting permission from Toto to remake The Wizard of Oz." I played Ultima I when I was a wee mite, and it had a huge influence on me. A whole world, inside a machine! And created by Richard Garriott, a guy just a few years older than me, not 20 miles from where I lived. When I was 12 I reverse engineered parts of Ultima II, learned a lot. I remember being particularly weirded out because he was using BCD mode on the 6502. To refer to an artist like Garriott as a dog is so deeply offensive.. Technically, he's right, EA owns the IP. But ugh!
Interesting analysis article in the NYT:
Anthrax
Offers Lessons in How to Handle Bad News. Talks about how best to
convey uncertain and scary information. The thing I like best is this
simple set of recommendations for how authorities should speak:
There's a
disturbing report on the cryptography mailing list
that someone's HP printer has been trying to send bits to a host
named origin.ifccfbi.gov. Later posters suggest this may be some
sort of fraud or counterfeit detection in the printer firmware itself.
Do you know who all your printer talks to?
Read up on Jtrix, an open source
(LGPL) distributed app framework that's just been announced. They say:
[Jtrix is] for developing applications which smoothly evolve and adapt. That means they are scalable, adaptive and cost effective to run. It reminds me of my master's work on Hive, a Java framework that includes some sort of discovery mechanism, remote messaging, mobile code, all with an interesting bottom up design. The engineering work on Jtrix looks solid - lots of tests, good documentation. The introduction for everyone (PDF, 29 pages) is the first thing to read if you want depth. The thing I'm curious is how they make a business case for doing this kind of work - I'd love to have an answer for that for myself. There's a bit about this in the FAQ, but it's not very specific ("we wanted it"). Their parent company, Hyperlink, seems to be an incubator of sorts, but with not much info about their seven years of incubating. Regardless, Jtrix is out there, and it's free, and das ist gut so.
Now that I'm unemployed, it's harder for me to organize my time. So
I've started using time tracking software, where I track every minute
of my working day in one of several categories ("noodling around",
"goofing off", "coding Funes", "job search", and two contracting
assignments I'm on). There's a million of time tracker programs out
there, but I settled on the AllNetic
Working Time Tracker. It's simple, free, and integrates nicely
into Windows (tray icon, senses when I'm away). It's still a bit
buggy, but overall it's good.
I'll report later what I've learned running this, and if it's not too embarassing share some of the data (no goofing off in the past three days!). |